---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Engineer
Location: Memphis, Tennessee, United States
Type: Permanent P/T
Closing Date: 2008-01-03
Job Description:
• Identify solutions to address risks presented by proposed new or
modified application & infrastructure functionality and their impact on the
security stance of Company.
• Perform functional design analysis from a security perspective for new
applications/projects.
• Establish and enforce Security Controls.
• Ensure compliance with Programming & Security Practices and Standards,
and recommend improvements and enhancements to these standards as needed. Work
with applications architects and developers, configuration management, and
Internet Infrastructure & Security teams to ensure adherence to standards and
continuity of security in the Systems Development Life Cycle.
• Support development of Security test plans
• Design and participate in implementation of Preventive, Detective, and
Corrective Controls to protect the confidentiality, integrity, and availability
of information processed by applications and suppliers or business partners.
• Investigate reported anomalous events or log entries for impact on the
security, integrity, of applications code and information.
• Implement, automate, and maintain reporting tools for use in Security
Analysis.
• Work with Infrastructure and platform teams in resolution of
security-impacting issues.
• Monitor vulnerability notices from vendors, security agencies (i.e.,
CERT, FIRST, etc.) and governmental resources (i.e., CIAC, etc.). Assist in
tracking company compliance in mitigating such vulnerabilities.
• Publish instructional and implementation guides.
• Implement and enforce corporate-wide standards, policies, and
procedures.
• Work with internal and external auditors, responding to audit
recommendations and preparing reports to senior management.
• Assist in the review, test, lockdown, and certification of application
and infrastructure implementations.
• Conduct regular, scheduled penetration tests of applications and ad hoc
vulnerability testing.
• Facilitate investigations of inappropriate usage of systems and
resources.
• Ensure the day-to-day procedures and guidelines are adhered to in
accordance with internal Company and external regulatory/third party standards.
• Provide support and security expertise to ensure delivery dates for all
application initiatives and infrastructure projects.
JOB REQUIREMENTS
---------------------------------------------------
Technical Background/Experience:
Secure Applications Design and/or Reviews
Experience with applications requiring encryption in transmission (SSL/TLS
protocols) and storage (symmetric and public-key algorithms)
C/C++ is a plus
Perl, sh/ksh, and other scripting tools
Java
JavaScript
ActiveX
Object-Oriented Design and Programming
Database Security
Malicious code detection ; allowed path inspection, and function bounding
Common application exploits
OWASP
Experience with a formal Systems Development Life Cycle
Data warehousing
PKI/Digital Certificate implementations
Familiarity/Experience with HIPAA security requirements and health care
security standards a plus
CISSP or SANS certification preferred but not required.
Platforms: HP-UX 11.00 - 11i, Microsoft Windows 2003/NT/2000/XP/Vista; Linux
Red Hat; Sun Solaris
Web Servers: Covalent Apache Enterprise Server v3.1; Microsoft IIS v 5+
Databases: Oracle 8x/9x; NCR Teradata; DB2 is a plus.
Other products: Websphere, BroadVision, Plumtree Corporate Portal; Siebel;
Netegrity SiteMinder or other Identification/authentication or session
management products.
Degree Level Required:
Bachelor’s Degree in Computer Science, Information Technology or
Information Systems Management, or commensurate work experience
Minimum Years Experience: 3
Salary: $70,000-$75,000
CONTACT
---------------------------------------------------
If qualified, Please submit a Word Version Resume to Jennifer Spadavecchia:
Jennifer@altaassociates.com
Alta Associates, Inc
Jennifer Spadavecchia
Sr Recruiter
jennifer@altaassociates.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
